Problems with UsePrivilegeSeparation (was: port fwd as user != root?

Ben Lindstrom mouring at etoh.eviladmin.org
Wed May 29 02:05:52 EST 2002


You do have a user called 'sshd' in your /etc/passwd right?

- Ben

On Tue, 28 May 2002, Mathias Koerber wrote:

> I just upgraded to OpenSSH3.2.3p1 as it seemed that
> 	UsePrivilegeSeparation yes
> might help with my problem (connections forwarded
> are owned by root instead of the user I logged in as
> on the server), but instead, sshd barfs on receiving
> a connection. Without UsePrivilegeSeparation
> the server works fine.
>
>
> # strace -o /tmp/sshd.str sshd -d
> debug1: sshd version OpenSSH_3.2.3p1
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 202.42.176.138 port 2483
> debug1: Client protocol version 2.0; client software version 3.3.1 SecureCRT
> debug1: no match: 3.3.1 SecureCRT
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.2.3p1
> mmap(65536)
> debug1: Calling cleanup 0x806a470(0x0)
> root@matjes:/usr/local/etc
>
>
> Here is the tail of the strace:
>
> write(2, "debug1: Client protocol version "..., 78) = 78
> write(2, "debug1: no match: 3.3.1 SecureCR"..., 35) = 35
> write(2, "Enabling compatibility mode for "..., 46) = 46
> write(2, "debug1: Local version string SSH"..., 55) = 55
> fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK)  = 0
> socketpair(PF_UNIX, SOCK_STREAM, , 0, [4, 8]) = 0
> fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
> fcntl(8, F_SETFD, FD_CLOEXEC)           = 0
> mmap(0, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = -1 EINVAL (Invalid argument)
> write(2, "mmap(65536)\r\n", 13)         = 13
> write(2, "debug1: Calling cleanup 0x806a47"..., 40) = 40
> shutdown(5, 2 /* send and receive */)   = 0
> close(5)                                = 0
> _exit(255)                              = ?
>
>
> The kernel is a somewhat older Linux 2.2.13.
>
> regards
>
>
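
A probe for the failure visible in the strace quoted above, added here as an example and not taken from the original messages or from OpenSSH: it repeats the same mmap(0, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) call and reports the errno the kernel returns. The helper name probe_anon_shared is hypothetical, and the fork check rests on the assumption that the mapping is meant to be shared between two processes.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Hypothetical helper (not OpenSSH code). Returns:
 *   0   mapping created and a child's write is visible to the parent
 *  >0   errno from mmap() or fork() (the quoted strace shows EINVAL)
 *  -1   mapping created but not actually shared across fork() */
int probe_anon_shared(size_t len)
{
    volatile unsigned char *p = mmap(0, len, PROT_READ | PROT_WRITE,
                                     MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;

    p[0] = 0;
    pid_t pid = fork();
    if (pid < 0) {
        int saved = errno;
        munmap((void *)p, len);
        return saved;
    }
    if (pid == 0) {              /* child: write a marker, then leave */
        p[0] = 0xA5;
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    int shared = WIFEXITED(status) && WEXITSTATUS(status) == 0 && p[0] == 0xA5;
    munmap((void *)p, len);
    return shared ? 0 : -1;
}

int main(void)
{
    int rc = probe_anon_shared(65536);   /* same length as in the strace */
    if (rc == 0)
        puts("anonymous shared mmap works on this kernel");
    else if (rc > 0)
        printf("probe failed: %s\n", strerror(rc));
    else
        puts("mapping succeeded but is not shared across fork");
    return rc != 0;
}
```

A non-zero exit with "Invalid argument" on a host matches the mmap line in the strace, independent of any sshd configuration.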



